at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20TokenAction.java Source code

Java tutorial

  1. HOME
  2. Java
  3. at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20TokenAction.java

Introduction

Here is the source code for at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20TokenAction.java

Source

/*******************************************************************************
 * Copyright 2014 Federal Chancellery Austria
 * MOA-ID has been developed in a cooperation between BRZ, the Federal
 * Chancellery Austria - ICT staff unit, and Graz University of Technology.
 *
 * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
 * the European Commission - subsequent versions of the EUPL (the "Licence");
 * You may not use this work except in compliance with the Licence.
 * You may obtain a copy of the Licence at:
 * http://www.osor.eu/eupl/
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the Licence is distributed on an "AS IS" basis,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the Licence for the specific language governing permissions and
 * limitations under the Licence.
 *
 * This product combines work with different licenses. See the "NOTICE" text
 * file for details on the various modules and licenses.
 * The "NOTICE" text file is part of the distribution. Any derivative works
 * that you distribute must include a readable copy of the "NOTICE" text file.
 *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.oauth20.protocol;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20SessionObject;
import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ServerErrorException;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20UnauthorizedClientException;
import at.gv.egovernment.moa.id.storage.AssertionStorage;
import at.gv.egovernment.moa.logging.Logger;

import com.google.gson.JsonObject;

class OAuth20TokenAction implements IAction {

    public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq,
            HttpServletResponse httpResp, IAuthData authData) throws MOAIDException {

        OAuth20SessionObject auth20SessionObject = null;
        try {
            OAuth20TokenRequest oAuthRequest = (OAuth20TokenRequest) req;

            try {
                Logger.debug("Loaded OAuth20SessionObject from session: " + oAuthRequest.getCode());

                auth20SessionObject = AssertionStorage.getInstance().get(oAuthRequest.getCode(),
                        OAuth20SessionObject.class);

            } catch (MOADatabaseException e) {
                throw new OAuth20UnauthorizedClientException();

            }

            // do checking for different grant types and code
            if (auth20SessionObject == null || !auth20SessionObject.getCode().equals(oAuthRequest.getCode())) {
                throw new OAuth20UnauthorizedClientException();
            } else {
                Logger.debug("Loaded of OAuth20SessionObject was successful");
            }

            // create response
            JsonObject jsonObject = new JsonObject();
            OAuth20Util.addProperytiesToJsonObject(jsonObject, auth20SessionObject.getAuthDataSession());
            String jsonResponse = jsonObject.toString();
            Logger.debug("JSON Response: " + jsonResponse);

            // write respone to http response
            httpResp.setContentType("application/json");
            httpResp.setStatus(HttpServletResponse.SC_OK);
            httpResp.getOutputStream().print(jsonResponse);
            httpResp.getOutputStream().close();

            return null;
        } catch (Exception e) {
            Logger.error(e.getMessage(), e);
            throw new OAuth20ServerErrorException();
        }

        finally {
            if (auth20SessionObject != null) {
                // destroy session for clean up

                Logger.debug("Going to destroy session: " + auth20SessionObject.getCode());
                AssertionStorage.getInstance().remove(auth20SessionObject.getCode());

            }
        }
    }

    /*
     * (non-Javadoc)
     * @see
     * at.gv.egovernment.moa.id.moduls.IAction#needAuthentication(at.gv.egovernment.moa.id.moduls
     * .IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
     */
    public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) {
        return false;
    }

    /*
     * (non-Javadoc)
     * @see at.gv.egovernment.moa.id.moduls.IAction#getDefaultActionName()
     */
    public String getDefaultActionName() {
        return OAuth20Protocol.TOKEN_ACTION;
    }

}